while working on the PWB online course, I kept running into the need to do HEX and URL encoding/decoding. I asked on the #offsec iRC channel for a tool in BackTrack to do this, and it was suggested to make use of perl. after a while it became a little cumbersome to use perl one-liners, so I created this perl script to help out. figured I'd share it with others :D it takes input from the command-line, or from a file. anytime something is ENcoded, the output is placed all on a single line (think file uploads via SQL injection, etc). feel free to leave comments or suggestions

Nice I can't wait to try it out. I don't know how many times I've had the exact same idea. I even starting coding a script in python and never got around to finishing it. Maybe this will inspire me to get it done.

I need to decode URL twice. Is there a way I can pipe the output back into another hURL command?
Something like this?

Code:

hURL -d -f urlencodedfile.log | hURL -d | less

08-19-2011, 07:55 AM

fnord0

Re: hURL - hexadecimal & URL encoder + decoder

natecitrix, I'm thinking u could use bash to accomplish yr desired results, just make sure your current shell is a bash shell (which is default in backtrack) and make use of the suppression command-line switch in hURL ;;

Code:

# RESULT=$(hURL -sdf urlencodedfile.log)| hURL -sd "$RESULT"

obviously u can throw a "| less" command at the end if u like, let me know if this works for you - or if u would like me to add any specific feature to hURL. thanks for your post!-

working on the offsec CTP test, and alot more with shellcode had me seeking out more conversion tools... rax(2) from radare is such a great app, and has many conversions I've been using, I figured why not implement alot of the rax(2) functionality into this script + many other options. which brings this script to today ::

PS: I did indeed incorporate code from corelan/peter and want to say I didn't just copy+paste, but actually made some modifications -- imho improvements ;) -- to his scripts. fact being studying for the OSCE test has had me going over nearly all the corelan exploit tutorials and I found myself using his code so often, I figured why not merge it into this kinda all-in-one tool. within this script I have given proper attribution to all peter's code, and have even gone so far as to contacting him via #corelan chat on freenode to get his blessing to re-use his code from pveReadbin.pl/pveWritebin.pl/pvePushString.pl (if he reads this, THANK YOU AGAIN!)

my primary reason for posting this here, is that Im thinking most people who are going to be utilizing the OffSec courses may be the ones who could benefit from this tool the most =) if not, hey, no harm, no foul. (that's the intention at least, heh)

most of all, this tool has been a time saver for me and my studying, and has helped me learn to program new things with perl.

@b333f thanks much for the kind words! sorry for the late reply, Ive been all sorts of busy lately